mbedtls

Author	SHA1	Message	Date
Bence Szépkúti	1b2a8836c4	Correct documentation references to Mbed TLS Use the correct formatting of the product name in the documentation. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 10:37:19 +01:00
Bence Szépkúti	60c863411c	Remove references to MBEDTLS_USER_CONFIG_VERSION Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:28:48 +01:00
Bence Szépkúti	36da4ccc51	Update changelog and migration guide This reflect changes to the config version symbols. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:28:48 +01:00
Bence Szépkúti	8d9132f43c	Fix typo Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:28:48 +01:00
Bence Szépkúti	90b79ab342	Add migration guide and changelog Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:28:48 +01:00
Bence Szépkúti	dba968f59b	Realign Markdown table Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:28:47 +01:00
Bence Szépkúti	bb0cfeb2d4	Rename config.h to mbedtls_config.h This commit was generated using the following script: # ======================== #!/bin/sh git ls-files \| grep -v '^ChangeLog' \| xargs sed -b -E -i ' s/((check\|crypto\|full\|mbedtls\|query)_config)\.h/\1\nh/g s/config\.h/mbedtls_config.h/g y/\n/./ ' mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h # ======================== Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:28:33 +01:00
Gilles Peskine	f00f152444	Add output size parameter to signature functions The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(), mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable() now take an extra parameter indicating the size of the output buffer for the signature. No change to RSA because for RSA, the output size is trivial to calculate. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-25 00:46:22 +02:00
Gilles Peskine	fedd52ca19	Merge pull request #4707 from gilles-peskine-arm/require-matching-hashlen-rsa-implementation Require matching hashlen in RSA functions: implementation	2021-06-24 10:28:20 +02:00
Gilles Peskine	f06b92d724	Merge pull request #4567 from mstarzyk-mobica/gcm_ad Enable multiple calls to mbedtls_gcm_update_ad	2021-06-23 19:36:23 +02:00
Gilles Peskine	e9bc857327	Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export Implement modified key export API for Mbed TLS 3.0	2021-06-22 18:52:37 +02:00
Gilles Peskine	9dbbc297a3	PK signature function: require exact hash length Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-22 18:39:41 +02:00
Dave Rodgman	5ec5003992	Document the return type change in the migration guide Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-22 13:49:09 +01:00
Manuel Pégourié-Gonnard	e7885e5441	RSA: Require hashlen to match md_alg when applicable Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-22 12:29:27 +02:00
Manuel Pégourié-Gonnard	3e7ddb2bb6	Merge pull request #4604 from gilles-peskine-arm/default-hashes-curves-3.0 Update the default hash and curve selection for X.509 and TLS	2021-06-22 12:08:37 +02:00
Manuel Pégourié-Gonnard	508d3a5824	Merge pull request #4664 from tom-daubney-arm/rm_truncated_HMAC_ext Remove truncated HMAC extension	2021-06-22 11:53:10 +02:00
Manuel Pégourié-Gonnard	a805d57261	Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA Remove MD2, MD4, RC4, Blowfish and XTEA	2021-06-22 09:27:41 +02:00
TRodziewicz	f41dc7cb35	Removal of RC4 certs and fixes to docs and tests Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-21 13:27:29 +02:00
Hanno Becker	7e6c178b6d	Make key export callback and context connection-specific Fixes #2188 Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-18 18:40:19 +01:00
Hanno Becker	d5c9cc7c90	Add migration guide for modified key export API Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-18 18:40:19 +01:00
Manuel Pégourié-Gonnard	9a32d45819	Merge pull request #4517 from hanno-arm/ticket_api_3_0 Implement 3.0-API for SSL session resumption	2021-06-18 18:34:45 +02:00
Manuel Pégourié-Gonnard	ae35830295	Merge pull request #4661 from mpg/make-blinding-mandatory Make blinding mandatory	2021-06-18 18:32:13 +02:00
Dave Rodgman	8c8166a7f1	Merge pull request #4640 from TRodziewicz/move_part_of_timing_module_out_of_the_library_and_to_test Move part of timing module out of the library	2021-06-18 16:35:58 +01:00
Thomas Daubney	ac84469dd1	Modifies Migration Guide entry Commit makes corrections to Migration Guide entry for this task. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2021-06-18 14:08:56 +01:00
Thomas Daubney	379227cc59	Modifies ChangeLog and Migration Guide Entries in ChangeLog and Migration guide files have been merged to cover both the removal of MBEDTLS_SSL_TRUNCATED_HMAC and MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2021-06-18 10:46:12 +01:00
Gilles Peskine	39957503c5	Remove secp256k1 from the default X.509 and TLS profiles For TLS, secp256k1 is deprecated by RFC 8422 §5.1.1. For X.509, secp256k1 is not deprecated, but it isn't used in practice, especially in the context of TLS where there isn't much point in having an X.509 certificate which most peers do not support. So remove it from the default profile. We can add it back later if there is demand. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-17 23:17:52 +02:00
Gilles Peskine	ec78bc47b5	Meld DEFAULT_ALLOW_SHA1_IN_CERTIFICATES removal migration guide Meld the migration guide for the removal of MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES into the migration guide for the strengthening of TLS and X.509 defaults, which is more general. The information in the SHA-1 section was largely already present in the strengthening section. It is now less straightforward to figure out how to enable SHA-1 in certificates, but that's a good thing, since no one should still be doing this in 2021. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-17 21:46:29 +02:00
Gilles Peskine	6b1f64a150	Wording clarifications Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-17 21:46:29 +02:00
Gilles Peskine	b1940a76ad	In TLS, order curves by resource usage, not size TLS used to prefer larger curves, under the idea that a larger curve has a higher security strength and is therefore harder to attack. However, brute force attacks are not a practical concern, so this was not particularly meaningful. If a curve is considered secure enough to be allowed, then we might as well use it. So order curves by resource usage. The exact definition of what this means is purposefully left open. It may include criteria such as performance and memory usage. Risk of side channels could be a factor as well, although it didn't affect the current choice. The current list happens to exactly correspond to the numbers reported by one run of the benchmark program for "full handshake/s" on my machine. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-17 21:46:29 +02:00
Gilles Peskine	3758fd6b79	Changelog entry and migration guide for hash and curve profile upgrades Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-17 21:46:14 +02:00
Thomas Daubney	50afb4378f	Adds Migration guide Commit adds a migraiton guide entry that was missing. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2021-06-17 09:23:41 +01:00
Manuel Pégourié-Gonnard	8707259318	Improve ChangeLog and migration guide entries Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-17 09:41:00 +02:00
Manuel Pégourié-Gonnard	e6e51aab55	Add ChangeLog and migration guide entries Merge part of the RSA entries into this one, as I think it's easier for users to have all similar changes in one place regardless of whether they were introduce in the same PR or not. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-17 09:38:38 +02:00
Mateusz Starzyk	bd513bb53d	Enable multiple calls to mbedtls_gcm_update_ad. Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>	2021-06-16 14:34:09 +02:00
TRodziewicz	15a7b73708	Documentation rewording Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-16 11:22:53 +02:00
TRodziewicz	8f91c721d3	Code review follow-up corrections Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-16 10:34:45 +02:00
TRodziewicz	7ff652ae53	Addition of ChangeLog and migration guide entry files. Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-16 10:34:39 +02:00
Gilles Peskine	17575dcb03	Merge pull request #4629 from TRodziewicz/rename_functions_whose_deprecated_variants_have_been_removd Rename the _ret() functions	2021-06-15 20:32:07 +02:00
TRodziewicz	9c90226df1	Addition of the migration guide and change log files Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-15 15:49:20 +02:00
Manuel Pégourié-Gonnard	8cad2e22fc	Merge pull request #4595 from gilles-peskine-arm/alt-dummy-headers-3.0 Lighten and test constraints on context types in alternative implementations	2021-06-15 12:12:46 +02:00
TRodziewicz	28a4a963fc	Corrections to the docs wording and changes to aux scripts Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-15 00:18:32 +02:00
Gilles Peskine	cadd3d860e	Give examples of PLATFORM_XXX_ALT Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-15 00:14:28 +02:00
Gilles Peskine	bf26bef157	Discuss the durability of PSA drivers vs ALT when introducing them Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-15 00:14:28 +02:00
Gilles Peskine	a71db94c66	Document that contexts must be movable Fix #4451. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-15 00:14:28 +02:00
Gilles Peskine	f35c42bdb9	Document the remaining constraints on ALT context types Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-15 00:14:28 +02:00
Gilles Peskine	6a2fb61896	Rename library/ecp_alt.h to ecp_internal_alt.h library/ecp_alt.h (declaring individual functions of the ECP module that can be substituted, included when building the library with MBEDTLS_ECP_INTERNAL_ALT enabled) clashes with ecp_alt.h (not provided, declaring types of the ECP module when the whole implementation is substituted, included when building the library with MBEDTLS_ECP_ALT enabled). Depending on the search path during build, this can make MBEDTLS_ECP_ALT unusable. Rename library/ecp_alt.h to follow the naming convention of other alt headers: MBEDTLS_XXX_ALT corresponds to xxx_alt.h. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-15 00:10:37 +02:00
Gilles Peskine	b9ccb25f33	Starter-class documentation of alternative implementations Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-15 00:10:37 +02:00
TRodziewicz	3946f79cab	Correction according to code review (function and param. names change and docs rewording) Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-14 13:46:21 +02:00
TRodziewicz	8b223b6509	Addition of the migration guide entry file. Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-14 11:56:33 +02:00
TRodziewicz	1fcd72e93c	change log and migr. guide fixes and _DEPRECATED_REMOVED removed Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-14 11:16:06 +02:00
Gilles Peskine	02b76b7d18	Merge pull request #4619 from TRodziewicz/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code	2021-06-10 17:43:36 +02:00
TRodziewicz	2a5e5a2759	Correction to the migration guide entry wording Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-09 16:54:20 +02:00
TRodziewicz	0ea2576502	Correction to the migr. guide wording and removal of not needed option Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-09 13:31:42 +02:00
TRodziewicz	b8367380b1	Addition of the migration guide Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-09 13:31:42 +02:00
TRodziewicz	1e66642d68	Addition of change log and migration guide files. Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-09 11:25:28 +02:00
Ronald Cron	f8abfa8b1b	Improve migration guide Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-06-09 10:54:14 +02:00
Ronald Cron	6fe1bc3f24	Add change log and migration guide Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-06-08 14:11:19 +02:00
Manuel Pégourié-Gonnard	16fdab79a5	Merge pull request #4382 from hanno-arm/max_record_payload_api Remove MFL query API and add API for maximum plaintext size of incoming records	2021-06-08 11:07:27 +02:00
Hanno Becker	61f292ea0a	Fix migration guide for now-removed deprecated functions Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-08 07:50:55 +01:00
TRodziewicz	0730cd5d9e	Merge branch 'development' into Remove__CHECK_PARAMS_option	2021-06-07 15:41:49 +02:00
TRodziewicz	442fdc22ea	Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-07 13:52:23 +02:00
Manuel Pégourié-Gonnard	13a9776676	Editorial improvements Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-07 12:00:04 +02:00
Manuel Pégourié-Gonnard	3b5a7c198c	Update ChangeLog and migration guide Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-07 11:13:34 +02:00
Manuel Pégourié-Gonnard	84191eab06	Merge pull request #4315 from Kxuan/feat-pre-compute-tls Static initialize comb table	2021-06-03 11:41:54 +02:00
kXuan	782c2b9f36	fix comment, ChangeLog & migration-guide for MBEDTLS_ECP_FIXED_POINT_OPTIM Signed-off-by: kXuan <kxuanobj@gmail.com>	2021-06-03 15:47:40 +08:00
Manuel Pégourié-Gonnard	1b1327cc0d	Merge pull request #4581 from TRodziewicz/remove_supp_for_extensions_in_pre-v3_X.509_certs Remove MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 option	2021-06-02 13:48:03 +02:00
Manuel Pégourié-Gonnard	df77624ab5	Merge pull request #4490 from TRodziewicz/Combine__SSL_<CID-TLS1_3>_PADDING_GRANULARITY_options Combine _SSL_<CID-TLS1_3>_PADDING_GRANULARITY options	2021-06-02 13:47:48 +02:00
Manuel Pégourié-Gonnard	1b3b27cbb0	Merge pull request #4587 from TRodziewicz/remove_3DES_ciphersuites Remove 3DES ciphersuites	2021-06-02 11:01:42 +02:00
Ronald Cron	3dafa9bda8	Merge pull request #4555 from ronald-cron-arm/m-ccm-api Define CCM multi-part API	2021-06-02 09:56:43 +02:00
Gilles Peskine	fe3069b7f1	Merge pull request #4585 from mpg/cipher-aead-delayed Clarify multi-part AEAD calling sequence in Cipher module	2021-06-01 12:04:19 +02:00
Manuel Pégourié-Gonnard	c01b87b820	Fix some typos Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-01 09:40:53 +02:00
Ronald Cron	f668bd18df	Add migration guide for developers of CCM alternative implementation Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-06-01 09:07:46 +02:00
kXuan	22fc906d57	Add ChangeLog and migration guide for MBEDTLS_ECP_FIXED_POINT_OPTIM Signed-off-by: kXuan <kxuanobj@gmail.com>	2021-06-01 14:01:59 +08:00
TRodziewicz	231649a020	Changing the migration guide entry wording. Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-31 13:12:16 +02:00
TRodziewicz	4e57f4cdfd	Adding removed defines to check_config.h and fixing the migration guide entry. Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-31 12:58:25 +02:00
Manuel Pégourié-Gonnard	6d84e917bb	Merge pull request #4568 from creiter32/to_upstream/csr_critical_extensions Expose flag for critical extensions	2021-05-31 12:46:59 +02:00
Manuel Pégourié-Gonnard	ee57ebe553	Add ChangeLog and migration guide entries Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-05-31 12:25:01 +02:00
TRodziewicz	3670e387dc	Remove 3DES ciphersuites Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-31 12:11:53 +02:00
Ronald Cron	ea62d2f391	Merge pull request #4369 from hanno-arm/relax_psk_config Implement relaxed semantics for static PSK configuration in Mbed TLS 3.0	2021-05-31 10:03:56 +02:00
TRodziewicz	dee975af7d	Remove MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 option Remove define Add ChangeLog file and migration guide entry Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-28 15:27:01 +02:00
Hanno Becker	2bec09c113	Fix typo in migration guide Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-28 09:54:31 +01:00
Hanno Becker	196739b478	Change wording in documentation of PSK configuration Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-28 05:33:14 +01:00
TRodziewicz	062f353804	Changes after code review Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-27 17:34:14 +02:00
TRodziewicz	caf2ae04b8	ChangeLog and migration guide added. Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-27 17:33:51 +02:00
Christoph Reiter	95273f4b07	Expose flag for critical extensions Enables creating X.509 CSRs with critical extensions. Signed-off-by: Christoph Reiter <christoph.reiter@infineon.com>	2021-05-27 14:27:43 +02:00
TRodziewicz	0a02fbb783	Addition of the migration guide entry. Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-26 15:57:50 +02:00
TRodziewicz	a86c312d92	Addition of the migration guide entry. Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-26 15:29:36 +02:00
Gilles Peskine	b7abba28e3	Merge pull request #4515 from tom-daubney-arm/remove_rsa_mode_params_2 Remove rsa mode params part 2	2021-05-25 20:36:33 +02:00
Thomas Daubney	6f966112c7	Corrections to ChangeLog and Migration guide Corrections to address wording of ChangeLog and Migration guide. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2021-05-25 15:00:19 +01:00
Thomas Daubney	3ca92b182c	Re-wording of Migration guide entry Commit re-words the migration guide entry as requested in review. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2021-05-24 14:11:39 +01:00
TRodziewicz	4ca18aae38	Corrections after the code review Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-24 13:38:00 +02:00
TRodziewicz	d807060e0a	Addition of migration guide and corrections to the ChangeLog file Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-24 12:50:51 +02:00
Thomas Daubney	2fbbe1d2fe	Corrections to ChangeLog and Migration guide This commit fixes typos and re-words the migration guide. It also adds the issue number to the ChangeLog. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2021-05-24 10:53:57 +01:00
Hanno Becker	3bbf4c058f	Fix typo in migration guide for ticket API change Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-23 06:20:23 +01:00
Hanno Becker	b2efc4d464	Add migration guide Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-23 06:03:55 +01:00
Thomas Daubney	62b0d1dbc8	Adds ChangeLog and Migration guide entry Commit adds relevant entry to the ChangeLog and to the Migration guide. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2021-05-21 17:05:12 +01:00
Janos Follath	7fc487c4d6	Merge pull request #4347 from hanno-arm/ssl_session_cache_3_0 Add session ID as an explicit parameter to SSL session cache API	2021-05-21 09:28:55 +01:00
Ronald Cron	ca72287583	Merge pull request #4304 from mstarzyk-mobica/convert_NO_SHA384_to_positive Modify config option for SHA384.	2021-05-21 08:04:33 +02:00
Ronald Cron	49fef37ebf	Merge pull request #4342 from gilles-peskine-arm/gcm-update-any-length GCM: allow arbitrary lengths for update Only the ABI-API-checking job failed and this is expected thus good to go.	2021-05-20 15:08:55 +02:00
Mateusz Starzyk	17011a3185	Merge branch 'development' into convert_NO_SHA384_to_positive Conflicts: library/version_features.c programs/test/query_config.c Files were removed in development branch and modified by current branch. Conflicts fixes by removing them.	2021-05-20 14:18:12 +02:00
Mateusz Starzyk	3489cc1433	Improve migration guide for SHA384 option Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>	2021-05-20 13:52:48 +02:00
Gilles Peskine	15c7b40ab7	Reorder the text to say who is affected first Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-05-20 12:11:19 +02:00
Gilles Peskine	7f312c811b	Add migration guides for GCM Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-05-20 11:51:46 +02:00
Manuel Pégourié-Gonnard	729fa5be88	Merge pull request #4450 from mstarzyk-mobica/remove_null_entropy Remove MBEDTLS_TEST_NULL_ENTROPY config option.	2021-05-20 09:19:55 +02:00
Mateusz Starzyk	2396b21f80	Provide more in-depth migration guide after removal of null entropy. Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>	2021-05-19 16:35:51 +02:00
Manuel Pégourié-Gonnard	2213871654	Merge pull request #4489 from TRodziewicz/Remove__SSL_RECORD_CHECKING Remove ssl record checking	2021-05-19 13:57:51 +02:00
Mateusz Starzyk	44085de5f7	Add migration guide for SHA384 and SHA224 options. Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>	2021-05-19 13:22:53 +02:00
Ronald Cron	0e3ec27598	Merge pull request #4506 from gilles-peskine-arm/array-parameters-to-pointers-sha512 Change sha256 and sha512 output type from an array to a pointer	2021-05-19 12:37:17 +02:00
Mateusz Starzyk	ef80a9c5e0	Add migration guide for removed null entropy config option Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>	2021-05-18 16:25:01 +02:00
Hanno Becker	9039303cf5	Add migration guide Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-18 05:27:18 +01:00
Ronald Cron	fdcde47f36	Merge pull request #4458 from davidhorstmann-arm/remove-max-content-len Remove MBEDTLS_SSL_MAX_CONTENT_LEN option	2021-05-17 16:36:04 +02:00
TRodziewicz	e13a23b439	New line added at the end of the migration guide entry Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-17 11:16:52 +02:00
Manuel Pégourié-Gonnard	5605911fd3	Merge pull request #4447 from hanno-arm/ssl_config_cleanup Avoid and remove some SSL error codes for Mbed TLS 3.0	2021-05-17 10:55:17 +02:00
TRodziewicz	57d7ab72fb	Correction to migration guide entry wording Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-17 10:43:41 +02:00
Hanno Becker	67e49a627d	Add migration guide Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-14 20:13:54 +01:00
Hanno Becker	8e184e2deb	Add migration guide Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-14 17:10:27 +01:00
Hanno Becker	699d4d7df7	Add migration guide for new SSL ticket API Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-14 16:36:44 +01:00
Hanno Becker	548b136e8f	Add migration guide for removal of mbedtls_ssl_get_session_pointer() Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-14 16:36:44 +01:00
TRodziewicz	1cf33bf94d	Corrections o the migration guide Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-14 14:35:26 +02:00
TRodziewicz	95f8f22c27	Migration guide added and ChangeLog clarified Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-14 14:07:51 +02:00
Gilles Peskine	d7b3d92476	Change sha256 output type from an array to a pointer The output parameter of mbedtls_sha256_finish_ret and mbedtls_sha256_ret now has a pointer type rather than array type. This removes spurious warnings in some compilers when outputting a SHA-224 hash into a 28-byte buffer. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-05-13 00:46:29 +02:00
Gilles Peskine	e02e02f203	Change sha512 output type from an array to a pointer The output parameter of mbedtls_sha512_finish_ret and mbedtls_sha512_ret now has a pointer type rather than array type. This removes spurious warnings in some compilers when outputting a SHA-384 hash into a 48-byte buffer. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-05-13 00:32:45 +02:00
Gilles Peskine	5d1f747d85	Merge pull request #4377 from mpg/psa-pbkdf2-api PSA API for PBKDF2-HMAC	2021-05-12 18:00:30 +02:00
David Horstmann	95d516f319	Remove MBEDTLS_SSL_MAX_CONTENT_LEN option Signed-off-by: David Horstmann <david.horstmann@arm.com>	2021-05-10 17:02:48 +01:00
Manuel Pégourié-Gonnard	f9a68ad62a	Fix typos Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-05-07 12:11:38 +02:00
Manuel Pégourié-Gonnard	dd57b2f240	Merge pull request #4445 from TRodziewicz/remove_deprecated_things_-_remainder Remove deprecated functions and constants.	2021-05-07 10:05:30 +02:00
TRodziewicz	d9d035a5b5	Corrections of the migration guide from the code review. Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-06 11:53:06 +02:00
TRodziewicz	c1c479fbe9	Fllow-up of the review: ChangeLog expansion, mmigration guides added and comments fixed Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-06 00:53:22 +02:00
Gilles Peskine	275b9b2ef4	Merge pull request #4402 from mpg/migration-guide-3.0 Migration guide for 3.0	2021-05-05 14:30:39 +02:00
Manuel Pégourié-Gonnard	143b1e387b	Fix a number of typos Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Co-authored-by: Ronald Cron <ronald.cron@arm.com>	2021-05-05 09:47:47 +02:00
Ronald Cron	d5d04962ef	Add change log and migration guide Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-05-04 15:59:10 +02:00
Manuel Pégourié-Gonnard	438ac27059	Quit using title case for entry titles Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-05-04 13:06:34 +02:00
Manuel Pégourié-Gonnard	72f762b1da	Clarify 3.0-migration-guide.d/00README Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-05-04 11:36:40 +02:00
Manuel Pégourié-Gonnard	e756306dd6	Move some details from ChangeLog to migration guide Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-05-04 11:36:33 +02:00
Manuel Pégourié-Gonnard	57e93e5296	Clarify a sentence Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-05-04 11:35:08 +02:00
Manuel Pégourié-Gonnard	f5acfbac99	Improve description of migration guide entries Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-05-04 11:35:08 +02:00
Manuel Pégourié-Gonnard	2960b2e88c	Fix a few typos Co-authored-by: Gilles Peskine <gilles.peskine@arm.com> Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-05-04 11:35:08 +02:00
Manuel Pégourié-Gonnard	b2a1043a4c	Add a directory for 3.0 migration guide entries Similarly to ChangeLog.d, we want to avoid endless merge conflicts. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-05-04 11:35:08 +02:00
Manuel Pégourié-Gonnard	89d4ab0999	Add a "3.0 migration guide document" For now the entries are in no particular order. Before the release we should have a final pass over this document and order them from most impactful to least impactful. We might even create sections, a table of contents, etc. In the meantime, each PR should add an entry about it changes. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-05-04 11:35:08 +02:00
Manuel Pégourié-Gonnard	421390f52f	Fix driver interface for key derivation Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-04-30 12:38:12 +02:00
Dave Rodgman	12f93f4fc2	Merge pull request #4407 from ARMmbed/dev3_signoffs Merge development_3.0 into development	2021-04-26 19:48:16 +01:00
Ronald Cron	b5939e814e	Merge pull request #4160 from stevew817/feature/driver_builtin_keys Add implementation for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS Merging as it has been ready for four days now and I prefer not having to go through other rebases especially given the coming change of scope of development (3.0 rather than 2.2x).	2021-04-23 09:40:31 +02:00
Manuel Pégourié-Gonnard	351a2576f5	PSA PBKDF2: extend key derivation driver interface Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-04-20 13:11:17 +02:00
Tobias Nießen	835beffcf4	Fix typo in architecture docs Signed-off-by: Tobias Nießen <tniessen@tnie.de>	2021-04-19 23:56:25 +02:00
Manuel Pégourié-Gonnard	16529bd439	Merge pull request #4344 from TRodziewicz/remove_deprecated_things_in_crypto_compat_h Remove deprecated things from crypto_compat.h and dependent tests.	2021-04-19 10:55:21 +02:00
Steven Cooreman	31e27af0cc	Reword the builtin key language on persistency declaration Specifically allow the driver to override the persistency level of a builtin key in cases where the driver is persistency-aware. Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-04-16 11:25:18 +02:00
TRodziewicz	2a1a67300d	Remove deprecated things from crypto_compat.h and dependent tests. Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-04-13 23:12:42 +02:00
Dave Rodgman	73e3e2cb1a	Merge remote-tracking branch 'origin/development' into development_new Signed-off-by: Dave Rodgman <dave.rodgman@arm.com> Conflicts: include/mbedtls/check_config.h: nearby edits library/entropy.c: nearby edits programs/random/gen_random_havege.c: modification vs. removal programs/ssl/ssl_test_lib.h: nearby edits programs/test/cpp_dummy_build.cpp: nearby edits visualc/VS2010/mbedTLS.vcxproj: automatically generated file, regenerated with scripts/generate_visualc_files.pl	2021-04-07 16:31:09 +01:00
Chris Jones	6f554e388e	Remove reference to include/mbedtls/*_internal.h files Signed-off-by: Chris Jones <christopher.jones@arm.com>	2021-04-01 09:52:37 +01:00
Hanno Becker	7594c68049	Document status of MPS upstreaming Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-03-29 14:20:18 +01:00
Gilles Peskine	2c5d9e6a32	No configuration symbols for FFDH Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-02-09 21:40:41 +01:00
Gilles Peskine	7df7d1eb57	ECC: add rationale Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-02-09 21:40:29 +01:00
Gilles Peskine	c74712f12d	Fix an example that didn't follow the given pattern Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-02-09 21:40:02 +01:00
Gilles Peskine	59c6347810	Remove the time stamp Time stamps are useful when the document gets shared around, but they tend to lead to merge conflicts. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-02-09 21:39:13 +01:00
Ronald Cron	d9763466b7	Expand and improve psa-crypto-implementation-structure.md Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-02-02 11:49:14 +01:00
Ronald Cron	31520b4b1c	Fix psa-crypto-implementation-structure.md Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-02-02 11:38:50 +01:00
Ronald Cron	0dbbf1e27f	psa: Add architecture document Add architecture document explaining how this PR aim to restructure the PSA implementation (only part of it) and why. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-02-02 11:29:07 +01:00
Ronald Cron	ac80be111b	Merge pull request #3878 from gilles-peskine-arm/psa-builtin-keys-via-slot-number-spec New entry point get_builtin_key for opaque drivers (PSA spec)	2021-01-29 10:43:15 +01:00
Ronald Cron	318515b384	Merge pull request #3984 from gabor-mezei-arm/3268_update_macros_for_ouput_buffer_size_renames Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0	2021-01-29 09:31:59 +01:00
Ronald Cron	a120146afe	Merge pull request #3962 from gilles-peskine-arm/psa-storage-format-test-strategy Keystore format stability test strategy	2021-01-25 16:44:23 +01:00
Gilles Peskine	055be83413	Fix typo Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-01-25 11:36:24 +01:00
gabor-mezei-arm	cbcec21684	Rename output buffer size macros Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0 Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-01-21 13:17:25 +01:00
Gilles Peskine	84ae1eefb4	Minor clarification Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-01-20 20:20:10 +01:00
Gilles Peskine	3d67365ef7	Add a key_buffer_length output to "get_builtin_key" While builtin keys will often have a fixed-size context, this is not necessarily the case, so the "get_builtin_key" entry point needs to return the size of the actual key context. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-01-20 20:19:14 +01:00
Gilles Peskine	ff457506d3	Remind the reader of what is done about old formats Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-01-19 14:25:20 +01:00
Gilles Peskine	697ee190b5	Add a section about non-default lifetimes Alternative locations should be covered. We don't yet support alternative persistence levels. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-01-18 23:38:21 +01:00
Gilles Peskine	528144f523	Clarify the methods of key storage testing Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-01-18 23:36:18 +01:00
Gilles Peskine	cf62f10d3f	Clarify interoperability non-requirement Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-01-05 11:49:18 +01:00
Gilles Peskine	739e08a68d	Keystore format stability test strategy Initial revision. Save-compare-load approach: the test case data contains attributes of the object under test and the expected file content. Create the object, save it, check that the file has the expected content, load the file and check that the new object has the expected attributes. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-14 18:51:47 +01:00
Ronald Cron	8f05aeb2e3	Merge pull request #3882 from gilles-peskine-arm/psa-random-driver-spec PSA: Specification for random generation and entropy drivers	2020-12-11 14:07:35 +01:00
Gilles Peskine	348eeebb24	Clarify the intent of the KEEPALIVE flag Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-11 10:52:36 +01:00
Manuel Pégourié-Gonnard	a27a4e2f18	Merge pull request #3929 from gilles-peskine-arm/psa-driver-remove-old-accel Remove old proposed accelerator interfaces	2020-12-10 11:31:47 +01:00
Gilles Peskine	24cebf6671	Add a section for transparent drivers No strategy yet, just state some basic requirements. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-08 15:19:04 +01:00
Gilles Peskine	f0e2853d46	Minimal update to mention unified-interface opaque drivers Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-08 15:19:04 +01:00
Gilles Peskine	ae7772d0f3	Clarifications around reseed_entropy_size Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:48:39 +01:00
Gilles Peskine	43100e3fcb	Add section on combining get_entropy with add_entropy Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:48:29 +01:00
Gilles Peskine	32e584c38a	Copyediting and minor clarifications Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:48:29 +01:00
Gilles Peskine	3ff79066b1	Note an interrogation about integer value representation Especially 0 values may need special treatment since they can't be used as an array size. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:48:29 +01:00
Gilles Peskine	6a530e8d26	Random driver: make initial_entropy_size mandatory If a random driver has a built-in entropy source and doesn't need an external entropy source, make the driver author declare this explicitly, rather than it being a less secure default. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:48:22 +01:00
Gilles Peskine	ee914f34fa	Minor clarifications Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:48:14 +01:00
Gilles Peskine	609394c1cf	Open question: can there be multiple RNG instances? Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:48:06 +01:00
Gilles Peskine	8d5092c11f	get_random: no output on error The get_random entry point was allowed to return partial data on both PSA_SUCCESS and PSA_ERROR_INSUFFICIENT_ENTROPY, but there was no meaningful difference between the two. Keep it simple: PSA_SUCCESS is success but can be partial, and PSA_ERROR_INSUFFICIENT_ENTROPY is an error with no output. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:47:56 +01:00
Gilles Peskine	1ef6ad48d1	Note that I'm not completly sure about the get_entropy flags Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:47:45 +01:00
Gilles Peskine	3eb65fbba6	Open question: should add_entropy take an estimated_entropy_bits parameter? Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:47:45 +01:00
Gilles Peskine	b89b4b9025	get_entropy: recommendations on conditioning and entropy estimates Explicitly recommend that the driver accounts for environmental conditions that can affect the amount of entropy. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:47:36 +01:00
Gilles Peskine	05ab2646a3	get_entropy: recommendations on the output_size Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:47:36 +01:00
Gilles Peskine	a14326f054	Make add_entropy optional A random generation driver does not need to support entropy injection. This will limit it to platforms where the RNG peripheral is the sole entropy source and without an RNG seed saved into persistent storage. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:47:27 +01:00
Gilles Peskine	390c5a2c6f	It is not meaningful for reseed_entropy_size to be 0 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:47:19 +01:00
Gilles Peskine	0e3b7ced4c	Don't require a call to add_entropy when 0 bytes are needed If an RNG peripheral includes an entropy source, it would presumably declare "initial_entropy_size" and "reseed_entropy_size" to be 0. In this case, don't require the core to call "add_entropy". Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:47:10 +01:00
Gilles Peskine	5263e1ecdd	Transparent drivers can have get_entropy as well The `get_entropy` entry point can be provided by multiple transparent drivers, and the core will call all of them. But apart from that, `get_entropy` doesn't involve an opaque key or a location, so it can be in a transparent driver. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:46:58 +01:00
Gilles Peskine	e80978a260	Specification for random generation and entropy drivers Transparent drivers may provide a DRBG interface through "add_entropy" and "get_random" entry points. This interface may also be used with a non-deterministic generator, for chips that include a TRNG. Opaque driver may provide a "get_entropy" entry point. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:46:42 +01:00
Gilles Peskine	1fc4c8d11b	Let get_builtin_key be called to retrieve the key's attributes Allow the core to call the "get_builtin_key" entry point to retrieve the attributes of a built-in key. This is useful to implement psa_get_key_attributes(), and also when the key data buffer's size depends on the key type and size. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 18:41:50 +01:00
Gilles Peskine	a6454d2820	Minor clarifications Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 17:01:52 +01:00
Gilles Peskine	48d71f2aa4	New entry point get_builtin_key for opaque drivers Allow opaque drivers to expose keys that were not created through the PSA API. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 17:01:37 +01:00
Gilles Peskine	51977355dc	Remove the time stamp Having a time stamp identifying each revision of the document is useful, but it's also a pain because it creates a conflict whenever there are multiple pending changes at the same time. The gain isn't worth the pain, so I'm removing the time stamp. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-07 17:01:17 +01:00
Gilles Peskine	db6b03b4f2	Remove old-style accelerator and entropy driver interfaces The driver interfaces described in crypto_accel_driver.h and crypto_entropy_driver.h are no longer being worked on. We do not intend to finish the design of these interfaces or to implement them in Mbed TLS. They have been superseded by the unified driver interface (docs/proposed/psa-driver-interface.md), which is being actively worked on both to finalize the specification and to implement it in Mbed TLS. The partially implemented dynamic secure element interface is staying for now. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-11-30 17:37:14 +01:00
Gilles Peskine	e533ff7bb7	Merge pull request #3695 from gilles-peskine-arm/psa-unified-driver-specs-20200918 PSA unified driver specification: key validation and transparent key import	2020-11-30 15:54:45 +01:00
Gilles Peskine	f0a9721c18	Use GitHub-compatible table formatting Also fix a stray `. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-11-26 10:31:32 +01:00
Gilles Peskine	4228671d0f	Copyediting Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-11-24 13:11:31 +01:00
Gilles Peskine	99e52f6313	Clarifications around key import Rework the section describing key import, in particular to clarify key size determination and checking. There is no intended semantic change. Note an open question around support for implementation-specific import formats. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-11-24 13:11:31 +01:00

... 2 3 4 5 6 ...

488 commits